Malware Trojan Horse

so, I’m following the directions to get rid of the malware trojan horse…
attached is the first log
Help!

MBAM:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.21.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alexis N. Harold :: ALEXIS-LAPTOP [administrator]

11/21/2012 6:26:45 PM
mbam-log-2012-11-21 (18-26-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205168
Time elapsed: 10 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 19
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) → No action taken.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) → No action taken.
HKCR\CLSID{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) → Quarantined and deleted successfully.
HKCR\TypeLib{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) → Quarantined and deleted successfully.
HKCR\Interface{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) → Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) → Quarantined and deleted successfully.
HKCR\CLSID{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) → Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) → Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) → Quarantined and deleted successfully.
HKCR\CLSID{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) → Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) → Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) → Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLab) → Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) → Data: 215 Apps → Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\Program Files (x86)\I Want This (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Users\Alexis N. Harold\Local Settings\Application Data\I Want This (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Users\Alexis N. Harold\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Users\Alexis N. Harold\AppData\Local\I Want This (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Users\Alexis N. Harold\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) → Quarantined and deleted successfully.

Files Detected: 17
C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) → Quarantined and deleted successfully.
C:\Users\Alexis N. Harold\Downloads\wp32z (1).exe (Trojan.Agent.WP) → Quarantined and deleted successfully.
C:\Users\Alexis N. Harold\Downloads\wp32z (2).exe (Trojan.Agent.WP) → Quarantined and deleted successfully.
C:\Users\Alexis N. Harold\Downloads\wp32z (3).exe (Trojan.Agent.WP) → Quarantined and deleted successfully.
C:\Users\Alexis N. Harold\Downloads\wp32z.exe (Trojan.Agent.WP) → Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\appAPIinternalWrapper.js (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\fb.js (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.exe (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\jquery.js (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\json.js (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Users\Alexis N. Harold\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Users\Alexis N. Harold\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) → Quarantined and deleted successfully.

(end)

aswMBR:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-22 00:16:08

00:16:08.219 OS Version: Windows x64 6.1.7601 Service Pack 1
00:16:08.219 Number of processors: 2 586 0x170A
00:16:08.221 ComputerName: ALEXIS-LAPTOP UserName:
00:16:09.314 Initialize success
00:16:09.476 AVAST engine defs: 12111700
00:16:19.582 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IAAStorageDevice-1
00:16:19.584 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
00:16:19.660 Disk 0 MBR read successfully
00:16:19.663 Disk 0 MBR scan
00:16:19.667 Disk 0 Windows 7 default MBR code
00:16:19.678 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
00:16:19.695 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 16898 MB offset 206848
00:16:19.718 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 288238 MB offset 34828920
00:16:19.797 Disk 0 scanning C:\windows\system32\drivers
00:16:39.792 Service scanning
00:17:36.809 Modules scanning
00:17:36.824 Disk 0 trace - called modules:
00:17:36.854 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
00:17:36.882 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa80030e8060]
00:17:36.891 3 CLASSPNP.SYS[fffff8800185143f] → nt!IofCallDriver → \Device\Ide\IAAStorageDevice-1[0xfffffa8002e2e050]
00:17:38.054 AVAST engine scan C:\windows
00:17:49.032 AVAST engine scan C:\windows\system32
00:21:45.474 AVAST engine scan C:\windows\system32\drivers
00:22:02.284 AVAST engine scan C:\Users\Alexis N. Harold
00:40:43.576 AVAST engine scan C:\ProgramData
00:44:41.085 Scan finished successfully
00:45:24.632 Disk 0 MBR has been saved successfully to “C:\MBR.dat”
00:45:24.639 The log file has been saved successfully to “C:\aswMBR.txt”

update malwarebytes and run a quick scan…
when done make sure everything is marked for removal, also the PUP detections…then click the remove selected button
post new log

AdwCleaner removed this antiphishing toolbar that conflict with avast

Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

a removal specialist is notified and will check your logs for any leftovers
it may take hours before he arrive so be patient

Hi did the alerts cease after the AdwCleaner run ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
O2 - BHO: (Qwiklinx) - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Alexis N. Harold\AppData\Roaming\Qwiklinx\Qwiklinx.dll File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Alexis N. Harold\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Alexis N. Harold\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.